When or if a free solution is found, that information will be provided in this support topic and you will receive notification if subscribed to it. In addition, a news article most likely will be posted on the BleepingComputer front page.

I just submitted some files (key in DECRYPT txt is Nz5zSGopV58J6RwztmDBgVLQ5RxnSSKSv) for analysis to see if it's possible to figure out which ransomware it is. It's a ".crypted" extension, though I've tried both "decrypt_xorist.exe" and "decrypt_nemucod.exe" but only get the error "No key found - The decrypter could not determine a valid key for your system. Please drag and drop both an encrypted file as well as its unencrypted counterpart onto the decrypter to determine the correct key. Files need to be at least 510 bytes long." Yes, I am dragging both the encrypted and unencrypted version onto both files with the same error. I have submitted a request to Dr Web as well. Appreciate any help!

Mine had been renamed *.doc.encrypted (no idea which particular ransomware it is).

You can submit samples of encrypted files and ransom notes to ID Ransomware for assistance with identification and confirmation. This is a service that helps identify what ransomware may have encrypted your files and then attempts to direct you to an appropriate support topic where you can seek further assistance.

This week we received an alert that the crypt0locker ransomware (according to the ransom note) encrypted files (.enc extension) on a computer. The process responsible for the encryption was a file with the extension tmp. Soon after, we received alerts from other computers, but this time the process was system:remote. After analyzing the alert from the first computer we noticed that the process encrypted files on network shares which were not mapped to a network drive. Besides encrypted files in folders on the c:, d: and M: (mapped network drive) there were files encrypted on the path \\computer\share\folder.

P.S. We reinstalled the infected computer and removed all the ransomware files and restored most files from a backup.

Again we had one computer with the crypt0l0cker ransomware which encrypted files on other computers with a shared folder. Before reinstalling this computer we saved the ransomware, the note files and two encrypted files. The ransomware was uploaded to VirusTotal (https://www.virustotal.com/en/file/18398ed5c38dbacd97ce2d4fc9a4fc28c22ae68d37a263e5c3cdd77d7bbf597f/analysis/) but the file was already known. According to the comments the file was also analyzed by Deepviz analysis and hybrid analysis. On these websites you can download a sample for your own analysis.